1. Field of the Invention
The present invention relates to software, network communications, and mobile devices. More specifically, it relates to security of apps and associated data running on mobile devices and connecting to remote servers.
2. Description of the Related Art
Application security is becoming increasingly important, especially for applications on mobile devices, commonly referred to as apps. Often, these apps have to communicate with a remote server, such as work-related or employer-owned apps on a user's personal device. Many apps are now using Transport Layer Security (TLS), also referred to as the Secure Socket Layer or SSL, for establishing network connections which may be used for communication with external components. Other protocols and standards are also being used for communication between an app on a device and a remote server. Note that the means for communication, whether TLS or another protocol, is at the app level, rather than at the device level. However, while TLS is a relatively secure means for communicating, there are certain ways to subvert or undermine a TLS connection. For example, a hacker or unauthorized party may be able to convince a certificate authority to sign off on a false certificate which appears authentic. Thus, a hostile party may be able to obtain a false certificate and pretend to be from a well-known and trusted company. This false certificate can then be used to subvert a TLS connection with an app on a mobile device, thereby threatening the app, data, the device operating system, and potentially the device network. It would be desirable to have greater protection for apps and associated data on mobile devices; that is, to provide better protective measures at the app layer rather than at the device level (physical, operating system, or network layers). Such protective measures should execute with TLS connections and should also be usable with non-TLS clients.